AVG-576

Package qtpass
Status Fixed
Severity High
Type private key recovery
Affected 1.2.0-1
Fixed 1.2.1-1
Current 1.2.3-1 [community]
Ticket None
Created Sat Jan 6 15:09:44 2018
Issue Severity Remote Type Description
CVE-2017-18021 High Yes Private key recovery
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only...
Date Advisory Package Description
11 Jan 2018 ASA-201801-11 qtpass private key recovery
Notes
It is advised to change all your passwords and regenerate them using a secure utility such as pass, or update to the latest version of QtPass and regenerate from there.